Computer networks (e.g., the Internet) are making a slow and painful transition from Internet Protocol version 4 (IPv4) to Internet Protocol version 6 (IPv6): slow because deploying IPv6 is most useful if all network devices deploying IPv6 (the “network effect”) and painful because it requires software and/or hardware updates. One example solution is DNS64 that is an exemplary mechanism for synthesizing AAAA resource records (or, quad-A records) used in IPv6 from A records used in IPv4. However, a downstream validator will mark a synthesized AAAA resource record type as invalid if DNS64 software, which is positioned between the DNS client requesting an AAAA resource record address and a DNS server, has performed the synthesis of the AAAA resource record, but cannot sign the synthesized AAAA resource record. This happens because conventional technologies do not validate the synthesized AAAA resource record. When conversion to IPv6 (for the AAAA response from an A response, which is a different resource record type from the AAAA response) is performed, the original Resource Record Signature (RRSIG) associated with the IPv4 A resource record type becomes invalid. As a result, conventional implementations of DNS64 break Domain Name System Security Extensions (DNSSEC). Unfortunately, using conventional technology invalidated AAAA resource record responses are obtained that pose security threat for client devices requesting the resource records, and defeat the purpose of DNSSEC itself.